Node.js Express integration causing strange behaviour

Hi,

I’m facing some strange issues with Auth0 integration for my frontend app (Angular 7+) and backend (node.js express). I have followed the quick start guides Auth0 Angular SDK Quickstarts: Login for frontend and Auth0 Node (Express) API SDK Quickstarts: Authorization for backend.

This is what I did

  1. Created an app under ‘Applications’ (named it ABC)
  2. By default Application type was ‘Single Page Application’
  3. Followed the integration guide for Angular and it went well. That is, I could log in from the frontend and renewal of the token works fine even on page reload.
  4. Headed to integrate with the node.js Express framework. I followed the above doc for the backend. In this process, I had to create a new API under the ‘APIs’ section of the dashboard (named it API123).
  5. Added the middleware -
const jwtCheck = jwt({
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://xxx.auth0.com/.well-known/jwks.json'
  }),
  audience: process.env.AUTH0_CLIENTID,
  issuer: 'https://xxx.auth0.com/',
  algorithms: [ 'RS256' ]
});

Here, process.env.AUTH0_CLIENTID was initially taken from my newly created API client ID (API123). But for some reason, when it hit the endpoint with the middleware it was giving an error saying ‘expected audience xxxx’. After searching on the internet, I had to replace my process.env.AUTH0_CLIENTID in the backend with the Client Id of the App (ABC) created for my frontend, change the ‘Application Type’ of the App ABC to ‘Regular Web Application’, and change the ‘Token Endpoint Authentication Method’ to ‘Post’. This solved the problem.

BUT…

For some reason, randomly on all browsers (including mobile), when I navigate to a protected route using the node.js express middleware I get a 504 nginx error and that particular protected route does not return any data. Also, randomly after a successful login from the frontend, when I refresh or navigate to a protected route, it throws an error saying Login required, and I suspect this.auth0.checkSession(renewTokens) is failing.

Not sure if I have made my issue clear; if not, please ask me and I’ll elaborate more.

Here’s my full setup for frontend and backend -

Frontend

auth0 = new auth0.WebAuth({
  clientID: 'GiElfXNsIbScO4d5JI7iH6EoOU39HbjP',
  domain: 'xxx.auth0.com',
  responseType: 'token id_token',
  redirectUri: 'https://domain.com/auth0/callback'
});

Backend

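// Middleware dependencies (express-jwt versions before 7 export the middleware directly)
const jwt = require('express-jwt');
const jwksRsa = require('jwks-rsa');

const jwtCheck = jwt({
  // Fetch the RS256 signing key from the tenant's JWKS endpoint
  secret: jwksRsa.expressJwtSecret({
    cache: true,
    rateLimit: true,
    jwksRequestsPerMinute: 5,
    jwksUri: 'https://xxx.auth0.com/.well-known/jwks.json'
  }),
  // Tokens are accepted only if their "aud" claim contains this value
  audience: 'GiElfXNsIbScO4d5JI7iH6EoOU39HbjP',
  issuer: 'https://xxx.auth0.com/',
  algorithms: [ 'RS256' ]
});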

Also, I’m making use of Management API to delete a user and it works well - here’s the code
Management API

const ManagementClient = require('auth0').ManagementClient;

const auth0 = {
  initManagementAPI: () => {
    return new ManagementClient({
      domain: 'xxx.auth0.com',
      clientId: 'GiElfXNsIbScO4d5JI7iH6EoOU39HbjP',
      clientSecret: AUTH0_CLIENT_SECRET,
      audience: 'https://xxx.auth0.com/api/v2/',
      scope: 'read:users'
    });
  },

  deleteUser: (id) => {
    return new Promise((resolve, reject) => {
      auth0.initManagementAPI().deleteUser({ id: id })
        .then((user) => {
          resolve({ user: user });
        })
        .catch((error) => {
          reject(error);
        });
    });
  }
};

module.exports = auth0;

Any help much appreciated!

~Neeraj
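
The ‘expected audience’ error in the post above is the middleware comparing the token's `aud` claim with its `audience` option; in OpenID Connect an ID token carries the application's client ID as `aud`, while an access token issued for an API carries that API's identifier. The following is an added diagnostic sketch, not part of the original post and not Auth0's code: it decodes the claims of constructed sample tokens without verifying signatures, and `API_IDENTIFIER`, `SPA_CLIENT_ID`, `classifyToken` and the sample tokens are assumed placeholders.

```javascript
// Added diagnostic sketch: inspects claims only, it does NOT verify the signature.
// All identifiers and tokens below are constructed placeholders.
const API_IDENTIFIER = 'https://api123.example/';  // assumed identifier of API123
const SPA_CLIENT_ID = 'SPA_CLIENT_ID_PLACEHOLDER'; // assumed client ID of app ABC

// Decode the payload segment of a JWT; returns null for opaque or malformed tokens.
function decodeJwtPayload(token) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  try {
    return JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
  } catch (err) {
    return null;
  }
}

// Classify a bearer token against the audience the API middleware expects.
function classifyToken(token, expectedAudience, clientId) {
  const payload = decodeJwtPayload(token);
  if (!payload) return { ok: false, reason: 'not-a-jwt' };
  // "aud" may be a single string or an array of strings (RFC 7519).
  const aud = [].concat(payload.aud === undefined ? [] : payload.aud);
  if (aud.includes(expectedAudience)) return { ok: true, reason: 'audience-match', aud };
  // A token addressed to the client itself is an ID token, not an API access token.
  if (aud.includes(clientId)) return { ok: false, reason: 'id-token-for-client', aud };
  return { ok: false, reason: 'audience-mismatch', aud };
}

// Build an unsigned sample token (constructed input; the signature is a dummy string).
function makeSampleToken(claims) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  return `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc(claims)}.sig`;
}

const idToken = makeSampleToken({ iss: 'https://xxx.auth0.com/', aud: SPA_CLIENT_ID });
const accessToken = makeSampleToken({
  iss: 'https://xxx.auth0.com/',
  aud: [API_IDENTIFIER, 'https://xxx.auth0.com/userinfo'],
});

for (const [name, tok] of [['id_token', idToken], ['access_token', accessToken], ['opaque', 'abc123']]) {
  console.log(name, classifyToken(tok, API_IDENTIFIER, SPA_CLIENT_ID).reason);
}
```

Run against the bearer token the frontend actually sends, the `reason` field shows whether the API is being handed an ID token, an opaque token, or an access token for a different audience.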

Hey there!

Sorry for such a huge delay in response! We’re doing our best to provide you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?